This essay critically addresses health information technology (HIT) regulations and standards, using one state, Florida, as the case. The paper consists of three parts. In the first part, Florida’s privacy laws that are specific to HIT are described and discussed. The second part is devoted to the comparison and contrast of Florida’s privacy laws against HIPAA privacy rules. In the third section, a sample policy for ensuring the privacy and confidentiality of patient health information when adopting HIT is developed and presented. The sample policy covers the following questions: boundaries or limitations of disclosure, security, consumer control, and accountability.
Florida’s Privacy Laws Specific to HIT
In the modern world, the majority of information related to health is stored online. It is essential to protect the patient data and ensure its safety, as it is stated in the Constitution of the United States. Privacy is a right guaranteed under the Constitution; therefore, healthcare organizations must protect it. The right to privacy and confidentiality includes the protection of patients’ personal, physical, and medical information. There are three sources of the legal regulation of patients’ medical and personal data: The Federal HIPAA Privacy, Security, and Breach Notification Rules, State Privacy Laws, and Federal Trade Commission Act (Wager et al., 2017). In the current part, Florida’s Privacy Laws are addressed and discussed.
First of all, it should be mentioned that Florida’s Constitution protects the citizens’ right to privacy. According to privacy and confidentiality laws accepted in Florida, the following patient information must remain confidential: personal identification information, communication records between medical professionals and patients, and any personal information held by insurance companies, the Agency for Health Care Administration, and the Department of Elderly Affairs (“Privacy and confidentiality in Florida,” n.d.). The information mentioned above is covered in several statutes of Florida State that are presented and summarized below.
Florida Statute 456.07(10) states that all medical organizations must ensure the confidentiality of medical records and introduce policies to protect it (as cited in McKenzie, 2016). Moreover, medical staff must be aware of these policies and trained to support them. Further, Florida Statute 456.07(11) refers to disclosures of medical records. All medical organizations (and insurance companies) are responsible for maintaining and controlling disclosures to a third party. Disclosures and the reasons for them must be kept in medical records. Lastly, Florida Statute 456.07(7) states that medical professionals are not allowed to discuss a patient’s personal and medical information with any third party other than the patient, their legal representative, and another health care specialist related to the treatment (as cited in McKenzie, 2016). The three statutes are the primary legal protections for a patient’s personal and medical information, and clearly, they are related to HIT.
Compare and Contrast of Florida’s Privacy Laws against HIPAA Privacy Rules
Florida’s privacy laws were presented and discussed above, and in this section, they are compared to HIPAA privacy rules. HIPAA is the Health Insurance Portability and Accountability Act of 1996. Sections 261-264 require the Secretary of the Department of Health and Human Services to announce “standards for the electronic exchange, privacy and security of health information” (McKenzie, 2016, para. 1). These rules are called “The Privacy Rule and the Administrative Simplifications”. They are applied to “health plans, health care clearinghouses, and to health care providers who transmit health information in electronic form” (McKenzie, 2016, para. 3). The information protected under these rules includes the following: demographic data, physical and mental health conditions in the present and past (in written, photo and video formats), and payment history. Disclosure is not allowed except in the following cases: when the Privacy Rule permits it or when a patient (or their legal representative) has authorized the disclosure.
Comparing HIPAA against Florida’s privacy laws, it can be said that HIPAA and federal laws regulate and protect patients’ privacy and confidentiality of their medical information. States’ laws are mostly similar to each other, but they provide additional privacy protections. It is vital to highlight that HIPAA does not contradict state laws that ensure a higher level of protection (McKenzie, 2016). Florida’s privacy laws, as described earlier, are more detailed and cover a greater range of situations when protection of privacy and confidentiality is needed as compared to HIPAA.
A Sample Policy for Ensuring Privacy and Confidentiality of Patients’ Information
As a result of the discussion above, it is essential to present a sample policy for ensuring the privacy and confidentiality of patients’ information when adopting HIT. The policy covers boundaries of disclosure, security, consumer control, and accountability. When HIT is adopted, it becomes more complicated to ensure privacy and to provide a possibility for consumer control. First of all, it is vital that only a patient and a medical professional who provides treatment (authorized users in the system) can access personal and medical information on the patient. Thus, the system should be complex enough to include users with different levels of access. Moreover, the access should be based on a two-tier approach to authentication, including biometrics. In addition, if a patient agrees to disclose the data, he or she must provide formal agreement to it.
Concerning accountability, employers of any medical institution should be accountable for the actions of their personnel. Thus, placing responsibility on the owners means that they will control privacy and confidentiality more strictly, including investing in additional security measures, the training of employees, and adopting strict privacy and security policies in organizations. Moreover, local governments need to control how these measures are implemented and respected.
Another vital point of the sample policy is an opportunity for consumer control. Patients should have access, or a possibility to request access, to view their private information and to control who can access it. It should be done to ensure the system’s transparency and to provide control for patients over their legal rights, as today, people are often skeptical about the way their private information is treated.
In conclusion, this essay aimed to present and discuss Florida’s privacy laws specific to HIT, to provide comparison and contrast of Florida’s privacy laws against HIPAA privacy rules, and to evaluate a sample policy for ensuring privacy and confidentiality of patients’ information. The first two parts clarified the connection between state and federal privacy laws and rules. The third part, the sample policy, suggested ways to enhance security and to protect patients’ privacy rights. The means to ensure safety of patients’ private information include the following: a complex authorization system with a two-tier approach, accountability of medical organizations, and an opportunity for consumer control.
References
McKenzie, A. (2016). Your medical privacy rights and remedies. McKenzie Law Firm.
Privacy and confidentiality in Florida. (n.d.). Health Information & The Law (2020).
Wager, K. A., Lee, F. W., & Glaser, J. P. (2017). Health care information systems: A practical approach for health care management (4th ed.). Jossey-Bass.